The networking giant didn't disclose a release date, but recommends using SSH over Telnet

After digging through the CIA archives released by WikiLeaks, Cisco says they’ve discovered a previously unknown flaw impacting 318 switch models. The bug, which the CIA has known about for an undetermined amount of time, can allow a remote attacker to execute code or cause a reload of a targeted device.

Cisco says in its advisory that the vulnerability in the Cluster Management Protocol (CMP) exists due to the combination of two factors.

The first is failure to restrict CMP-specific Telnet options to “local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device.”

The second factor is the processing of malformed CMP-specific options. “An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device,” the advisory states.

CMP-specific Telnet options are processed by default, which means even if there are no cluster configuration commands present on the device, an attacker can still exploit the vulnerability via Telnet on IPv4 or IPv6. “This vulnerability can only be exploited through a Telnet session established to the device – sending the malformed options on Telnet sessions through the device will not trigger the vulnerability,” Cisco explained.

Cisco says they will release software updates that address the vulnerability in Cisco IOS and Cisco IOS XE. However, they didn’t provide a timeline as to when those fixes will be made available.
Instead, Cisco urged customers to keep an eye on the IOS Software Checker tool for details.

For now, Cisco recommends that administrators disable Telnet as an allowed protocol for incoming connections and use SSH instead, as this will eliminate the exploit vector. Moreover, disabling Telnet in favor of SSH is highly recommended by Cisco as a rule for device hardening. Additional details on this process are available here.

If for some reason disabling Telnet just isn’t an option, then Cisco recommends customers lower the attack surface by implementing iACLs – or infrastructure access control lists. Information on iACLs is available here.

The devices affected by the vulnerability discovered in the CIA cache include 264 Catalyst switches, more than 50 Industrial Ethernet switches, Embedded Service 2020 switches, Cisco RF Gateway, and the SM-X Layer 2/3 EtherSwitch Service Module.